122 episodes

Curious about application security? Want to learn how to detect security vulnerabilities and protect your application? We discuss different topics and provide valuable insights into the world of application security.

DevelopSec: Developing Security Awareness Jardine Software Inc.

    • Technology
    • 4.0 • 3 Ratings

    Log4J Sparking Thought on Vulnerable Components

    Log4J has been the talk of the town recently and everyone is focused on the technical details of the specific vulnerabilities found. In this episode, James talks about the overarching ideas around dealing with vulnerable components. Are you vulnerable? If so, what needs to be done?
    For more info go to https://www.developsec.com or follow us on Twitter (@developsec).
    Join the conversation: join our Slack channel. Email james@developsec.com for an invitation.
    DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help.

    • 24 min
    How Browsers are Helping with Security

    Chrome has announced a few changes that we need to watch out for in the near future. We previously talked about the default value for SameSite that is coming up fast. I wrote about this here: https://www.jardinesoftware.net/2019/10/28/samesite-by-default-in-2020/
    Also, they are getting ready to start blocking mixed content downloads:
    https://blog.chromium.org/2020/02/protecting-users-from-insecure.html

    • 13 min
    Chrome Retires XSS Auditor

    It was recently announced that Chrome was dropping the XSS Auditor in Chrome 78. What does that mean and how does that change things for you as a developer?  
    https://www.chromium.org/developers/design-documents/xss-auditor

    • 14 min
    Is CSRF Really Dead?

    In 2020, Chrome will default the SameSite attribute to Lax on all cookies. SameSite helps mitigate CSRF, but does that mean CSRF is dead?

    • 15 min
    Investing in People for Better Application Security

    In this episode, James talks about investing in the development teams to increase application security priorities.

    • 24 min
    What is your mother's maiden name?

    In this episode, James talks about some of the risks and recommendations around security questions and their implementation. 

    • 21 min
